(54) System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection



(57) A communication system includes communication devices which communicate during a communication session. During communication session establishment, the devices exchange a session key in an encrypted manner for privacy. When one device has information to transfer to the other device, the one device will append the session key to the information and apply a hash function thereto to generate a hash value, and generate a message packet for transfer to the other device that includes an information portion containing the information and a hash value portion containing the hash value. When the other device receives the message packet, it will append the session key to the information from the information portion of the packet that it receives, and generate a hash value therefrom. If the receiving device determines that the generated hash value corresponds to the hash value received in the message packet, properties of the hash function that is used to generate the hash values enable it to conclude that the message packet was not tampered with during the transfer and that it originated from the one device. The system avoids the necessity of computation-intensive encryption and decryption for message packet transfer during a communication session.
Description

The present invention relates generally to the field of communications.

More particularly, the present invention relates to a communication system and a method of operating a communications system for efficiently providing an authenticated communications channel, that facilitates detection of tampering, for transferring information between a source device and a destination device over a network.

Digital networks have been developed to facilitate the transfer of information, including data and programs, among digital computer systems and other digital devices. A variety of types of networks have been developed and implemented, including so-called "wide-area networks" (WANs) and "local area networks" (LANs), which transfer information using diverse information transfer methodologies. Generally, LANs are implemented over relatively small geographical areas, such as within an individual office facility or the like, for transferring information within a particular office, company or similar type of organization. On the other hand, WANs are implemented over relatively large geographical areas, and may be used to transfer information between LANs, between devices that are not connected to LANs, and the like. WANs also include public networks, such as the Internet, which can carry information for a number of companies.

Several problems have arisen in connection with transfer of information over networks, particularly public networks. One problem is privacy, so that, if information to be transferred from a source device to a destination device over the network is intercepted by a third device, the intercepting device cannot determine what the actual information is. A second problem is tamper detection, so that, if information transferred from the source device to the destination device has been intercepted and tampered with by a third device, the tampering can be detected. A final problem is to ensure that information received by the destination device is "authentic," that is, that, if the information indicates that it has been transmitted by the source device, it (that is, the information) has actually been transmitted by the source device and not by a third device.

All of these problems are addressed by communication methodology as follows. When the source device has information ("INF") to be transferred, the source device first processes the information using a hash function to generate a hash value, that is, HASH(INF). Generally, a hash function takes an input value, in this case "INF," and generates therefrom an output value, in this case "HASH(INF)," that

(1) is of fixed length, even though the length of the input value may vary;

(2) is such that the hash value generated using the hash function is highly likely to be unique; that is, that it is highly unlikely that different input values would "hash" to the same hash value; and

(3) is such that, given the hash value "HASH(INF)," the input cannot be determined, with a high degree of probability, even if the hash function is known, that is, the hash function is not invertible.

With respect to condition (2) above, it is generally possible that different input values may hash to the same hash value, but if the number of possible hash values is made large enough, it would be extremely unlikely that two different input values would actually hash to the same hash value. If, for example, the length of the hash value is selected to be 128 digital data bits, then the number of possible different hash values would be 2^128 (which corresponds to approximately 10^38), which is an extremely large number. A number of hash functions are known, including, for example, those described in B. Schneier, "Applied Cryptography," 2d Edition (Wiley) (hereinafter "Schneier"), chapter 18, incorporated herein by reference. As will be described below, the destination device will be aware of the particular hash function used by the source device.

After generating the hash value HASH(INF), the source device will concatenate the hash value to the information to be transferred, thereby to generate an information packet "INF|HASH(INF)" (where "|" represents the concatenation operation). The "HASH(INF)" portion of the information packet represents a signature value for the information portion "INF."

Finally, the source device will encrypt the entire information packet INF|HASH(INF), thereby to generate a message packet E_{E_KEY}(INF|HASH(INF)) to be transferred. The source device may use any encryption methodology, which will be known by the destination device. A number of encryption methodologies are known, including, for example, those as described in Parts II and III of Schneier, which is also incorporated herein by reference. Generally, encryption is performed in relation to one or more encryption key values (represented above by the subscript "E_KEY"). In one methodology, the source device can use a particular key value, which is also known by the destination device and which, as will be described below, will be used by the destination device in decrypting the message packet. In another methodology, which is known as the "public key/private key" encryption methodology, the source device will encrypt the information packet INF|HASH(INF) in relation to one value PRIV_S, termed the private key, to generate a message packet E_{PRIV_S}(INF|HASH(INF)) for transfer to the destination device.

When the destination device receives a message packet which is purportedly from the particular source device, it (that is, the destination device) will initially perform a decryption operation to generate a decrypted information packet D_{D_KEY}(E_{E_KEY}(INF|HASH(INF))) using a decryption methodology and decryption key value "D_KEY" which will be related to the particular encryption methodology and encryption key value used by the source device. Decryption methodologies useful with the encryption techniques described in Parts II and III of Schneier are also described therein. If the source and destination devices are not using the public key/private key encryption methodology, the decryption key value "D_KEY" may be the same as the encryption key value "E_KEY" used by the source device in the encryption operation. If the decryption key value "D_KEY" and the encryption key value "E_KEY" are the same, the encryption methodology is generally referred to as a symmetric cipher; an illustrative symmetric cipher is the Data Encryption Algorithm ("DEA") specified by the Data Encryption Standard ("DES") described in chapter 12 of Schneier. On the other hand, if the source and destination devices are using the public key/private key encryption methodology, then the key value used by the destination device would be the source device's public key value PUB_S, in which case the destination device would generate the decrypted information packet D_{PUB_S}(E_{PRIV_S}(INF|HASH(INF))).

The encryption of the message packet that is transferred between the source and destination devices ensures that the information in the packet will be private, to a high probability, particularly if the encryption and decryption keys are maintained in secrecy and not known by potential interceptors. However, encryption does not verify that the information packet has not been tampered with by a third device, nor does encryption by itself necessarily verify that the information packet was, in fact, transmitted by the particular source device which the destination device believes transmitted it. To accomplish this, the destination device will initially assume that the decrypted information packet D_{D_KEY}(E_{E_KEY}(INF|HASH(INF))) has the structure INF'|HASH(INF)', that is, that it has an information packet with a hash value appended thereto, with the hash value being of the same length as the hash value of the information packet that was encrypted by the source device. Using the same hash function as the source device would use in generating the information packet, the destination device generates a hash value from the information portion of the packet, that is, HASH(INF'), and compares it to the hash value portion HASH(INF)'. If the two hash values are the same, then from property (2) of the hash function as described above, it would be extremely unlikely that the encrypted information packet transmitted by the source device would have been tampered with, since tampering would produce different information INF', which would hash to a different hash value. In addition, except in the unlikely event that a third device knew the encryption key used by the source device, if the destination device determines that the two hash values are the same, then the destination device can determine that the information packet originated from the source device.

A problem arises in connection with the methodology described above, in that encryption and decryption are very computation intensive, particularly for truly secure encryption and decryption methodologies. Since encryption and decryption are computation intensive, they may result in an increase in the latency, or delay, which is required to accomplish an information transfer, the latency being due to the time required to encrypt and decrypt the information to be transferred. The latency may be reduced by using expensive and powerful computers or special-purpose encryption and decryption hardware, which can add to the cost of the devices engaging in the information transfer. In addition, the time required to generate the encrypted and decrypted information packets increases linearly with the size of the information to be encrypted and decrypted. Accordingly, where privacy of the information is not a requirement, but where tamper detection and authenticity are needed, a communication methodology has been developed whereby only the hash value is encrypted, using the same encryption and decryption methodologies as described above. In that case, even if a third device knows which hash function and encryption methodology the presumed source device is using, if it (that is, the third device) does not know the source device's encryption key, it cannot generate an encrypted hash value which, when decrypted by the destination device, would correspond to the hash value generated by the destination device for the information portion of the packet. Thus, this communication methodology ensures authenticity, that is, that a packet presumably from a particular source device is actually from that source device, and that it has not been tampered with. However, the encryption and decryption operations required in this communication methodology can still require a significant amount of computation, particularly during a communication session during which the source device may transfer several information packets to the destination device, or during which the respective devices may transfer a number of information packets bidirectionally therebetween.

SUMMARY OF THE INVENTION 

The invention provides a new and improved communication system and method for providing a tamper-proof authenticated data communication channel.

In brief summary, a communication system in accordance with the invention includes a plurality of communication devices. The communication devices engage in communication sessions which are established between pairs of the communication devices. During a communication session, information may be transferred from one device, as a source device, to the other device, as a destination device. Alternatively, each device engaged in a communication session may operate as a source device as well as a destination device to facilitate transfer of information bidirectionally between the devices. To establish a communication session, the devices that are to be engaged in the session, before they transfer information, will engage in a session protocol negotiation during which they exchange various session protocol information therebetween. During the session protocol negotiation, one of the devices will also generate a session key value SK, which it encrypts and transfers to the other device to engage in the session. Preferably the session key value SK will be a relatively large random number, which can be generated in a conventional manner. The other device, in turn, will decrypt the session key value SK. Accordingly, both devices will have the same session key value SK, but the session key value SK has been transferred therebetween encrypted to ensure privacy. Prior to encryption, a hash value can also be generated from the session key value SK and appended thereto prior to encryption, which can be used to also provide for tamper detection and authenticity.

Both devices will use the session key value as follows. When a device has information INF to transfer, it will generate a hash value from the information to be transferred, to which the session key has been appended, that is, HASH(INF|SK). Thereafter, the transferring device will transfer a message packet comprising the information INF to which the hash value has been appended, that is INF|HASH(INF|SK). When the other device engaging in the communication session receives the message packet, it will also generate a hash value from the information portion INF' of the packet that it receives, to which the session key SK has been appended, that is, HASH(INF'|SK). If the receiving device determines that the hash value HASH(INF'|SK) corresponds to the hash value HASH(INF|SK) which it receives in the message packet, since, from property (2) of the hash function as described above, that is, that it is highly unlikely that different input values would hash to the same hash value, it (that is, the receiving device) can determine that INF'|SK corresponds to INF|SK, in which case the information INF' that it receives corresponds to the INF transferred by the transferring device, thereby ensuring that the message packet has not been tampered with. In addition, since it is extremely unlikely that a third device would know the session key value SK, if the receiving device determines that the hash value HASH(INF'|SK) corresponds to the hash value HASH(INF|SK) which it receives in the message packet, the receiving device can determine that it is extremely unlikely that the message packet was transferred thereto by another device purporting to be the transferring device in the communication session, thereby ensuring authenticity of the message packet.

It will be appreciated that, given the non-invertibility property of the hash function (property (3) described above), even if a third device intercepts a message packet containing an information portion INF and a hash value HASH(INF|SK), even though the third device knows the information portion, it would be extremely unlikely that it (that is, the third device) would be able to determine the input value INF|SK of the hash function, and thereby determine the session key SK. Accordingly, even though the hash value HASH(INF|SK) is transferred in plain text, that is, in unencrypted form, based on the hash function's non-invertibility property, it is extremely unlikely that a third device would be able to determine the value of the session key from the message packet.

The invention reduces the computation load of engaging in a communication session by reducing the amount of encryption and decryption that is required. Since the invention requires encryption and decryption only of the session key, an encryption and decryption operation is required only once during the communication session to ensure privacy of the session key, not each time a message packet is transferred.

A session key value SK may be established once and used throughout the communication session, or a session key value may be used for a predetermined time interval and a new session key value may be generated for a subsequent time interval during the communication session. In addition, both devices engaging in the communication session may use the same session key value SK for information transferred thereby, or each device may generate an individual session key value for use in connection with information transferred thereby.

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be further described, by way of example, with reference to the accompanying drawings, in which:

FIG. 1 is a functional block diagram of a communication system, including a plurality of communication devices, providing an authenticated communication channel in which tampering can be detected, in accordance with the invention;
FIG. 2 is a functional block diagram of a communication device as depicted in FIG. 1.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT

FIG. 1 is a functional block diagram of communication system 10, including a plurality of communication devices 11(1) through 11(N) (generally identified by reference numeral 11(n)) which communicate over a network represented by communication link 12. The communication devices 11(n) may comprise any of a plurality of types of devices which may engage in communications over the network, including, for example, computers (including personal computers, workstations, and mini and mainframe computers), mass storage subsystems, and other elements for generating and using data, whether in digital form or otherwise.

The network may comprise a local area network (LAN), a public or private wide area network (WAN), a network such as the Internet or public telephony network, or any combination of such networks. As is conventional, the network includes a communications medium over which the communication devices 11(n) communicate, which can include, for example, wires, optical fibers or other media for carrying signals representing information among the communication devices. Each of the communication devices typically includes a network interface device (represented by respective arrows 14(n) and 15), which connects the respective computer to the communications link 13.

The communication devices engage in communication sessions which are established between pairs of the communication devices 11(n) and 11(n') (n' ≠ n). During a communication session, information may be transferred from one communication device 11(n), as a source device 11(n_S) (subscript "S" indicating the source device), to the other communication device 11(n'), as a destination device 11(n_D) (subscript "D" indicating the destination device). Alternatively, each communication device 11(n) and 11(n') engaged in a communication session may operate as a source device 11(n_S) as well as a destination device 11(n_D) to facilitate transfer of information bidirectionally between the respective devices. In accordance with the invention, to establish a communication session, the communication devices 11(n) and 11(n') to be engaged in the session perform a session establishment operation before they actually engage in the transfer of the information to be transferred during the session. During the session establishment operation, the communication devices 11(n) and 11(n') engage in a session establishment and protocol negotiation during which they exchange various session protocol information therebetween.

In performing the session establishment and protocol negotiation operation, the devices 11(n) and 11(n') will perform operations which are conventionally used in negotiating for establishment of a session and one or more communication protocols to be used in transferring information during the session. Generally, during such operations, the communication devices 11(n) and 11(n') will exchange one or more messages over the communication link 12 to establish the values of various communication parameters. In addition, to accommodate the invention, during the session establishment and protocol negotiation operation, one of the communication devices, illustratively communication device 11(n), will also generate a session key value SK, which it encrypts and transfers to the other communication device 11(n') that is to engage in the session. Preferably the session key value SK will be a relatively large random number, which can be generated in a conventional manner. The other communication device 11(n'), in turn, will decrypt the session key value SK. Accordingly, both devices will have the same session key value SK, but the session key value SK will have been transferred between the communication devices 11(n) and 11(n') in an encrypted manner to ensure privacy as against third party interception.

During the communication session, both communication devices 11(n) and 11(n') will use the session key value in connection with transfer of information therebetween, in the following manner. When a communication device, for example, communication device 11(n), as a source device 11(n_S), has an information packet INF to transfer to communication device 11(n'), it (that is, communication device 11(n)) will initially append the session key SK to the information INF to provide an augmented information packet INF|SK, where the vertical bar "|" represents the concatenation operation. The communication device 11(n) will generate a hash value from the augmented information packet, that is, HASH(INF|SK). Thereafter, the device will transfer a message packet comprising the information packet INF to which the hash value has been appended, that is INF|HASH(INF|SK). It will be appreciated that the portion of the message packet comprising the information packet to be transferred is in unencrypted form, that is, that it is in so-called "plain text," in which case any other device 11(n") (n" ≠ n, n') which receives the message packet can determine and use the information being transferred in the message packet.

When the other communication device 11(n') receives a message packet, purportedly from communication device 11(n), including the message packet comprising the information packet INF and the hash value HASH(INF|SK) as described above, it (that is, communication device 11(n')) will interpret the message packet as comprising two portions, namely, an information packet portion INF' and a hash value HASH(INF|SK)'. Since the hash value is of a fixed length and in a predetermined position in the message packet, which will be known to both communication devices 11(n) and 11(n'), the destination communication device 11(n') can readily determine which portion of the message packet contains the hash value, with the rest of the message packet comprising the information packet.

After the destination communication device 11(n') identifies the information packet INF' and the hash value HASH(INF|SK)' from the received message packet, it (that is, the communication device 11(n')) will append thereto the session key SK, which was established by the communication devices 11(n) and 11(n') during the session establishment and protocol negotiation operation, as described above, thereby to generate an augmented received information packet INF'|SK. Thereafter, the communication device 11(n') will generate a hash value from the augmented information packet, that is, HASH(INF'|SK), using the same hash function as was used by the source communication device 11(n) in generating the hash value HASH(INF|SK) prior to transferring the message packet.

If the receiving device determines that the hash value HASH(INF'|SK) corresponds to the hash value HASH(INF|SK) which it receives in the message packet, since, from property (2) of the hash function as described above, that is, that it is highly unlikely that different input values would hash to the same hash value, it (that is, the destination communication device 11(n')) can determine with a high degree of probability that INF'|SK corresponds to INF|SK, in which case the information packet INF' that it receives corresponds to the information packet INF transferred by the source communication device 11(n). This will ensure to a high degree of probability that the message packet transmitted by the source communication device 11(n) has not been tampered with while it (that is, the message packet) is traversing the network.

In addition, since the session key SK is transferred between the communication devices 11(n) and 11(n') in an encrypted form during the session establishment and protocol negotiation operation as described above, it is extremely unlikely that a third communication device 11(n") (n" ≠ n, n') would have been able to intercept and determine the actual session key value SK used by the communication devices 11(n) and 11(n'). Thus, also from property (2) of the hash function as described above, if the destination communication device 11(n') determines that the hash value HASH(INF'|SK) that it generates from the received information packet INF' portion of the received message packet corresponds to the hash value HASH(INF|SK) which it receives in the message packet, the destination communication device 11(n') can determine that it is extremely unlikely that the message packet was transferred thereto by another device purporting to be the source communication device 11(n) in the communication session, thereby ensuring authenticity of the message packet received by the destination communication device 11(n'). In addition, from the non-invertibility property of the hash function (property (3) described above), even if a third communication device 11(n") (n" ≠ n, n') were to intercept a message packet containing an information packet INF and a hash value HASH(INF|SK), and though the third communication device 11(n") can readily determine the information in the information packet, it would be extremely unlikely that it (that is, the third communication device 11(n")) would be able to determine the input value INF|SK of the hash function, and thereby determine the session key SK. Accordingly, even though the hash value HASH(INF|SK) is transferred in plaintext, that is, unencrypted, it is extremely unlikely that a third communication device 11(n") would be able to determine the value of the session key from the message packet.
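
The message packet exchange described above, as an added example that is not part of the original document: the source builds INF|HASH(INF|SK) and the destination splits, recomputes and compares. SHA-256 as the hash function, the trailing position of the hash value, the sample payload and all function names are assumptions; the HMAC variant goes beyond the text and shows the standardized keyed-hash construction (RFC 2104) filling the same slot in the packet.

```python
import hashlib
import hmac
import secrets

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes; fixed length known to both devices


class PacketRejected(Exception):
    """Raised by the destination device when the hash values do not correspond."""


def new_session_key(nbytes: int = 32) -> bytes:
    """SK: a large random number, drawn here from the OS CSPRNG (assumption)."""
    return secrets.token_bytes(nbytes)


def hash_inf_sk(inf: bytes, sk: bytes) -> bytes:
    """HASH(INF|SK) as the text describes it: session key appended, then hashed."""
    return hashlib.sha256(inf + sk).digest()


def hmac_inf_sk(inf: bytes, sk: bytes) -> bytes:
    """Same role filled by HMAC-SHA-256 (not in the text; added for comparison)."""
    return hmac.new(sk, inf, hashlib.sha256).digest()


def build_packet(inf: bytes, sk: bytes, tag=hash_inf_sk) -> bytes:
    """Source device: message packet INF|HASH(INF|SK). INF stays in plain text."""
    return inf + tag(inf, sk)


def open_packet(packet: bytes, sk: bytes, tag=hash_inf_sk) -> bytes:
    """Destination device: split INF' from the received hash, recompute, compare."""
    if len(packet) < HASH_LEN:
        raise PacketRejected("packet is shorter than the hash value portion")
    inf_rx, hash_rx = packet[:-HASH_LEN], packet[-HASH_LEN:]
    # compare_digest runs in constant time, so the comparison itself does not
    # reveal how many leading bytes of a guessed hash value were correct.
    if not hmac.compare_digest(tag(inf_rx, sk), hash_rx):
        raise PacketRejected("hash value does not correspond to HASH(INF'|SK)")
    return inf_rx


def accepts(packet: bytes, sk: bytes, tag=hash_inf_sk) -> bool:
    """True when the destination device would accept the packet as authentic."""
    try:
        open_packet(packet, sk, tag)
        return True
    except PacketRejected:
        return False


def run_session() -> dict:
    """Walk one session with constructed data and report what the receiver accepts."""
    sk = new_session_key()        # shared by both devices after session establishment
    other_sk = new_session_key()  # what a third device without SK would have to guess
    inf = b"SET valve=closed"     # constructed sample payload
    packet = build_packet(inf, sk)
    # INF altered in transit, original hash value portion left in place.
    tampered = b"SET valve=opened" + packet[-HASH_LEN:]
    # Packet built by a device that does not hold the session key.
    forged = build_packet(inf, other_sk)
    hmac_packet = build_packet(inf, sk, tag=hmac_inf_sk)
    hmac_tampered = b"SET valve=opened" + hmac_packet[-HASH_LEN:]
    return {
        "intact": accepts(packet, sk),
        "tampered": accepts(tampered, sk),
        "forged": accepts(forged, sk),
        "truncated": accepts(packet[:10], sk),
        "hmac_intact": accepts(hmac_packet, sk, tag=hmac_inf_sk),
        "hmac_tampered": accepts(hmac_tampered, sk, tag=hmac_inf_sk),
    }


if __name__ == "__main__":
    for case, accepted in run_session().items():
        print(f"{case:14s} accepted={accepted}")
```

Both tag functions produce a 32-byte value, so the packet layout and the receiver's split are identical for either; only the way SK is mixed into the hash differs.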

FIG. 2 is a functional block diagram of a communication device, such as communication device 11(n). With reference to FIG. 2, the communication device 11(n) includes a session key control portion 20 and a message transfer portion 21, both of which operate under control of a session control 22. If the communication device 11(n) is to generate the session key value SK for the communication session, the session key control portion 20 generates the session key value and stores it for subsequent use by the communication device 11(n) during the session. In addition, the session key control portion 20 encrypts the session key value SK for transmission to the other communication device 11(n') (n' ≠ n) during the session establishment and protocol negotiation operation. If the other communication device 11(n') is to generate the session key value, it will provide the session key value in encrypted form, and the session key control portion 20 will decrypt the encrypted session key value and store the session key value for subsequent use by the communication device 11(n) during the session.

The message transfer portion 21 handles communications with the other communication device 11(n') (n' ≠ n) during the communication session, in particular generating message packets for transfer to the other communication device 11(n') and receiving message packets from the other communication device 11(n') during the session. In generating a message packet, message transfer portion 21 will receive the stored session key value from the session key control portion 20 for use in generating the hash value for use in the message packet. In addition, for a received message packet, the message transfer portion 21 receives the stored session key value from the session key control portion 20 and generates a hash value for comparison with the hash value in the received message packet. The message transfer portion 21 is also used during the session establishment and protocol negotiation operation, in particular transferring the encrypted session key value provided by the session key control portion 20 to the other communication device 11(n') if the communication device 11(n) is to generate the session key value for the session. Alternatively, if the other communication device 11(n') is to generate the session key value for the session, the message transfer portion 21 will receive the encrypted session key value from the other communication device 11(n') and provide it to the session key control portion 20.

The session key control portion 20 includes a session key generator 30, a session key store 31, a session key encryptor 32 and a session key decryptor 33. If the communication device 11(n) is to generate the session key value for the communication session, the session key generator 30 generates a session key value, represented by the GEND_SESS_KEY signal, and provides it to the session key store 31 for storage. The session key generator 30 preferably comprises, for example, a conventional random or pseudo-random number generator. During the session establishment and protocol negotiation operation, the session key value stored in the session key store 31 is provided as a SESSION_KEY signal to the session key encryptor 32. The session key encryptor 32, in turn, generates from the session key value provided by the session key store an encrypted session key value, which it provides as an XMIT_ENCRYPTED_SESSION_KEY transmit encrypted session key signal to the message transfer portion 21 for transfer to the other communication device 11(n').

On the other hand, if the communication device 11(n) is to receive the session key value from the other communication device 11(n'), during the session establishment and protocol negotiation operation, the message transfer portion 21 will receive an encrypted session key value, represented by a RCVD_ENCRYPTED_SESSION_KEY received encrypted session key signal, from the other communication device 11(n') and provide it to the session key decryptor 33. The session key decryptor 33, in turn, decrypts the received encrypted session key value to generate the session key value, which it provides as a RCVD_SESS_KEY received session key signal to the session key store 31 for storage.

The message transfer portion 21 includes a transmit data buffer 40, a receive data buffer 41, a message generator and receiver 42 and a hash generator and verifier 43. The transmit data buffer 40 receives data to be transferred from a data source and buffers it (that is, the data) prior to transmission during a session. Data sources may comprise any of a number of types of sources of data, including, by way of example and not limitation, computer systems, mass storage subsystems, devices for generating data in digital or other forms, other networks and the like. Similarly, the receive data buffer 41 receives and buffers data transferred to the communication device 11(n) during a session prior to transferring it (that is, the buffered data) to a destination. As with data sources, data destinations may comprise any of a number of types of destinations for data, in digital or other forms.

The message generator and receiver 42 generates message packets for transmission over the communication link 12 (FIG. 1), and receives message packets from the communication link 12. In addition, the message generator and receiver 42 operates during the session establishment and protocol negotiation operation, receiving the encrypted session key value represented by the XMIT_ENCRYPTED_SESSION_KEY signal for transfer to the other communication device 11(n') (n'≠n) if the communication device 11(n) is to generate the session key value, or receiving the encrypted session key value from the other communication device 11(n') if the other communication device 11(n') is to generate the session key value for provision to the session key decryptor 33 as the RCVD_ENCRYPTED_SESSION_KEY signal.

During a communication session, when the communication device 11(n) is to transmit a message packet to the other communication device 11(n') (n'≠n), data from the transmit data buffer 40, represented by an XMIT_DATA signal, is provided to both the message generator and receiver 42 and the hash generator and verifier 43. The hash generator and verifier 43 also receives the session key from the session key store 31, represented by the SESSION_KEY signal, and generates a hash value, as described above, which it (that is, the hash generator and verifier 43) provides to the message generator and receiver 42, represented by a HASH signal. The message generator and receiver 42, in turn, receives the data from the transmit data buffer 40 and the hash value from the hash generator and verifier 43 and generates a message packet for transmission to the communication device 11(n'), the message packet including both the data and the hash value.

On the other hand, when the communication device 11(n) is to receive a message packet from the other communication device 11(n') (n'≠n), the message generator and receiver 42 provides the received data from the message packet, represented by the RCVD_DATA received data signal, to the receive data buffer 41 for storage. In addition, the message generator and receiver 42 provides both received data and the hash value from the message packet, the hash value being represented by the HASH signal, to the hash generator and verifier 43. The hash generator and verifier 43 generates a hash value from the received data and the session key provided by the session key store, represented by the SESSION_KEY signal, and compares the generated hash value to the hash value received in the message packet. If the hash generator and verifier 43 determines that the generated hash value corresponds to the hash value as received in the message packet, it (that is, the hash generator and verifier 43) asserts a RCVD_MSG_VER received message verified signal. On the other hand, if the hash generator and verifier 43 determines that the generated hash value does not correspond to the hash value as received in the message packet, it will negate the RCVD_MSG_VER received message verified signal. The session control 22 can use the RCVD_MSG_VER signal to verify that the received message packet was authentic and not tampered with during transfer from the other communication device 11(n').
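
The transmit and receive paths described above, as an added example that is not part of the patent text. It is written in Python and assumes SHA-256 as the hash function and a packet layout of data followed by a fixed-length hash value; all function names are hypothetical. The `tag` parameter lets the same packet code also run with HMAC (RFC 2104), the standardized keyed-hash construction, in place of the bare data-plus-key hash.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256             # assumption: no hash function is named here
DIGEST_LEN = HASH().digest_size   # 32 bytes for SHA-256


def hash_value(data: bytes, session_key: bytes) -> bytes:
    """Hash generator 43: hash of the data with the session key appended."""
    return HASH(data + session_key).digest()


def hmac_value(data: bytes, session_key: bytes) -> bytes:
    """Same role using HMAC (RFC 2104), the standardized keyed hash."""
    return hmac.new(session_key, data, HASH).digest()


def make_packet(data: bytes, session_key: bytes, tag=hash_value) -> bytes:
    """Message generator 42: data portion followed by the hash value portion.

    The fixed-length trailer is an assumed layout for this example.
    """
    return data + tag(data, session_key)


def verify_packet(packet: bytes, session_key: bytes, tag=hash_value):
    """Receive path: return (rcvd_msg_ver, data).

    rcvd_msg_ver mirrors RCVD_MSG_VER: True only when the hash recomputed
    from the received data and the stored session key equals the hash value
    carried in the packet. This example releases data only on success.
    """
    if len(packet) < DIGEST_LEN:           # too short to carry a hash value
        return False, b""
    data, received = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    expected = tag(data, session_key)
    # Constant-time comparison: no early exit at the first differing byte.
    ok = hmac.compare_digest(expected, received)
    return ok, (data if ok else b"")


def run_checks(tag=hash_value) -> dict:
    """Feed constructed packets to the receiver and collect each verdict."""
    sk = secrets.token_bytes(32)           # session key generator 30
    sk_next = secrets.token_bytes(32)      # SK' for a succeeding interval
    packet = make_packet(b"constructed sample payload", sk, tag)

    data_changed = bytearray(packet)
    data_changed[0] ^= 0x01                # one bit flipped in the data portion
    hash_changed = bytearray(packet)
    hash_changed[-1] ^= 0x01               # one bit flipped in the hash portion
    other = b"substituted payload"
    rehashed = other + HASH(other).digest()  # hash recomputed without the key

    cases = {
        "intact": packet,
        "data_changed": bytes(data_changed),
        "hash_changed": bytes(hash_changed),
        "rehashed_without_key": rehashed,
        "truncated": packet[:DIGEST_LEN - 1],
    }
    verdicts = {n: verify_packet(p, sk, tag)[0] for n, p in cases.items()}
    # A receiver that has already moved to SK' rejects a packet made under SK.
    verdicts["receiver_on_next_key"] = verify_packet(packet, sk_next, tag)[0]
    return verdicts


if __name__ == "__main__":
    for name, tag in (("data+key hash", hash_value), ("HMAC", hmac_value)):
        print(name, run_checks(tag))
```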

The invention provides a number of advantages. In particular, the invention reduces the computation load of engaging in a communication session by reducing the amount of encryption and decryption that is required, allowing for minimal latency and the use of lower-cost communication devices in the system. Since the invention requires encryption and decryption only of the session key, an encryption and decryption operation is required only once or only a relatively small number of times during the communication session, to ensure privacy of the session key value, not each time a message packet is transferred.

It will be appreciated that numerous modifications may be made to the invention as described herein. For example, the communication devices 11(n) and 11(n') engaging in a communications session may establish a session key value SK once for use throughout the communication session. Alternatively the communication devices 11(n) and 11(n') may use a session key value SK for a predetermined time interval, and generate a new session key value SK' for use during a succeeding time interval, which may be repeated for each of a plurality of successive time intervals; preferably, each session key value SK, SK', ... generated for each time interval will be transferred by the communication device which generates the session key value to the other communication device in encrypted form, which will require multiple encryption and decryption operations during the communication session, but the number of such session key value transfers will normally be expected to be far fewer than the number of information packet transfers during the session.

In addition, both devices engaging in the communication session may use the same session key value SK for information transferred thereby, or each device may generate an individual session key value for use in connection with information transferred thereby.

In addition, it will be appreciated that the communication devices 11(n) can implement several methodologies during a communication session. That is, the communication devices can, for some of the message packets to be transferred, encrypt the entire message packet, or just the information packet portion or the hash value portion. In addition, for such message packets for which the hash value is encrypted, the hash value may be generated from just the information packet portion, or from the information packet concatenated with the session key value SK. The encryption of at least the information packet portion of a message packet may be particularly desirable if the information contained therein is to be maintained in private.

Furthermore, it will be appreciated that, if a communication device 11(n) will not be generating a session key value (which may occur if other communication devices 11(n') (n'≠n) will generate session key values for communication sessions including the communication device 11(n)), it need not include a session key generator 30 and session key encryptor 32. Contrariwise, if a communication device 11(n) will always be generating session keys for communication sessions, it need not include a session key decryptor 33. Similarly, if the communication device 11(n) will always be transmitting data to other communication devices 11(n'), it (that is, communication device 11(n)) need not include elements for receiving message packets and data, including the receive data buffer 41. Contrariwise, if the communication device 11(n) will always be receiving data from other communication devices 11(n'), it (that is, communication device 11(n)) need not include elements for transmitting message packets and data, including the transmit data buffer 40.

It will be appreciated that a system in accordance with the invention can be constructed in whole or in part from special purpose hardware or a general purpose computer system, or any combination thereof, any portion of which may be controlled by a suitable program. Any program may in whole or in part comprise part of or be stored on the system in a conventional manner, or it may in whole or in part be provided in to the system over a network or other mechanism for transferring information in a conventional manner. In addition, it will be appreciated that the system may be operated and/or otherwise controlled by means of information provided by an operator using operator input elements (not shown) which may be connected directly to the system or which may transfer the information to the system over a network or other mechanism for transferring information in a conventional manner.

The foregoing description has been limited to a specific embodiment of this invention. It will be apparent, however, that various variations and modifications may be made to the invention, with the attainment of some or all of the advantages of the invention. It is the object of the appended claims to cover these and such other variations and modifications as come within the true spirit and scope of the invention.


Claims 

1. A communications system for efficiently communicating authenticated data information during a communication session, comprising:

a plurality of communication devices interconnected by a network having at least a first communication device and a second communication device;

a means for communicating between said first communicating device and said second communication device during a session establishment operation and during said communication session;

a means for generating a session key within said first communication device;

a means for generating a first hash value within said first communication device by applying a selected hash function having a property of non-invertibility to both said data and said session key, wherein said session key is then privately communicated to said second communication device through said means for communicating during said session establishment operation;

at least one message packet originating in said first communication device in an untampered state, said at least one message packet including at least said data and said first hash value, wherein said at least one message packet is then communicated from said first communication device to said second communication device through said means for communicating during said communication session;

a means for generating a second hash value within said second communication device by applying said selected hash function to both said data communicated during said communication session and said session key communicated during said session establishment operation, wherein said data is authenticated by comparing said first hash value to said second hash value.

2. The communication system of claim 1, said means for privately communicating said session key performed through encryption/decryption methodology that is structurally achieved by said first communication device further comprising a means for encrypting said session key and said second communication device further comprising a means for decrypting said session key upon receipt from said first communication device.

3. The communication system of claim 1, wherein said first communication device further comprises a means for concatenating said first hash value to said data to generate said at least one message packet.

4. The communication system of claim 1, wherein said at least one message packet is privately communicated from said first communication device to said second communication device, said means for privately communicating said at least one message packet performed through encryption/decryption methodology that is structurally achieved by said first communication device further comprising a means for encrypting said at least one message packet and said second communication device further comprising a means for decrypting said at least one message packet upon receipt from said first communication device.

5. The communication system of claim 1, said second communication device further comprising a means for verifying the origin of said at least one message packet by comparing said first hash value to said second hash value.

6. The communication system of claim 1, said second communication device further comprising a means for detecting whether said at least one message packet has been tampered with by comparing said first hash value to said second hash value.
7. A method of operating a communications system having a plurality of communication devices for efficiently communicating authenticated data information during a communication session, comprising the steps of:

generating a session key in a first communication device;

generating a first hash value in said first communication device by applying a selected hash function having a property of non-invertibility to both said data and said session key;

privately communicating said session key to a second communication device through a means for communicating prior to said communication session in a session establishment operation;

assembling at least one message packet originating in said first communication device in an untampered state, said at least one message packet including at least said data and said first hash value;

communicating said at least one message packet to a second communication device through said means for communicating during said communication session;

generating a second hash value in said second communication device by applying said selected hash function to both said data communicated during said communication session and said session key communicated during said session establishment operation;

authenticating said data by comparing said first hash value to said second hash value.

8. The method of operating a communications system of claim 7, said step of privately communicating said session key to said second communication device further comprising the steps of encrypting said session key generated in said first communication device and decrypting said session key in said second communication device upon receipt from said first communication device.

9. The method of operating a communications system of claim 7, further comprising the step of concatenating said first hash value to said data to generate said at least one message packet.

10. The method of operating a communications system of claim 7, wherein said step of communicating said at least one message packet from said first communication device to said second communication device is privately performed through the steps of encrypting said at least one message packet prior to communication to said second communication device and decrypting said at least one message packet upon receipt from said first communication device.

11. The communication system of claim 7, said step of authenticating said data further comprising the step of verifying the origin of said at least one message packet by comparing said first hash value to said second hash value.

12. The communication system of claim 7, said step of authenticating said data further comprising the step of detecting whether said at least one message packet has been tampered with by comparing said first hash value to said second hash value.
13. A computer program product for use in efficiently communicating authenticated data information during a communication session in connection with a plurality of communication devices having at least a first communication device and a second communication device interconnected by a network, to control the communication of at least one message packet therebetween, the computer program product comprising a communication device-readable medium having encoded thereon:

a session establishment module for enabling said first communication device and said second communication device to engage in a session establishment operation prior to said communication session during which said first communication device generates a session key and privately communicates said session key to said second communication device;

a session control module

for enabling said first communication device to generate a first hash value in said first communication device by applying a selected hash function having a property of non-invertibility to both said data and said session key,

for enabling said first communication device to generate at least one message packet originating in said first communication device, said message packet including at least said data and said hash value,

for enabling said first communication device and said second communication device to communicate therebetween said at least one message packet during said communication session,

for enabling said second communication device to generate a second hash value by applying said selected hash function to both said data communicated during said communication session and said session key communicated during said session establishment operation, and

for enabling said second communication device to authenticate said data by comparing said first hash value to said second hash value.

14. A computer program as defined in claim 13 in which the session establishment module enables said first communication device to encrypt said session key and said second communication device to decrypt said session key upon receipt from said first communication device.

15. A computer program as defined in claim 13 in which the session establishment module enables said first communication device to concatenate said first hash value to said data to generate said at least one message packet.

16. A computer program as defined in claim 13 in which the session control module enables said first communication device and said second communication device to privately communicate therebetween said at least one message packet during said communication session by enabling said first communication device to encrypt said at least one message packet and said second communication device to decrypt said at least one message packet upon receipt from said first communication device.

17. A computer program as defined in claim 13 in which the session control module enables said second communication device to verify the origin of said at least one message packet by comparing said first hash value to said second hash value.

18. A computer program as defined in claim 13 in which the session control module enables said second communication device to detect whether said at least one message packet has been tampered with by comparing said first hash value to said second hash value.